Le lundi 15 août 2022, 14:19:57 UTC David Bremner a écrit :
> Bastien Roucariès writes:
> > Le samedi 16 juillet 2022, 21:49:31 UTC Pierre-Elliott Bécue a écrit :
> > Thanks for this hard work, however it seems that some mail client consider
> > these mail as invalid, whereas gmail and other
On Aug 15, Ansgar wrote:
> To not look like forged mail, the "From" header field (not the
> envelope) has to be validated with either DKIM or SPF. disroot.org
> says this is supposed to be the case for mail from their domain:
Not exactly. DMARC validation requires that at least one of DKIM or
On Mon, 2022-08-15 at 23:09 +0530, Praveen Arimbrathodiyil wrote:
> I would like to bring up the issue of providers with strict SPF
> record, for example disroot.org
>
> dig -t TXT disroot.org has the relevant line,
> disroot.org.3600IN TXT "v=spf1 a mx -all"
>
> which
On 17/07/22 3:19 am, Pierre-Elliott Bécue wrote:
Dear developers,
In the past months, it's been clear that sending mails from an
@debian.org address to some mail providers, including GMail, has become
harder and harder. While user DKIM feature (documented on [0]) can help,
we thought
Bastien Roucariès writes:
> Le samedi 16 juillet 2022, 21:49:31 UTC Pierre-Elliott Bécue a écrit :
> Thanks for this hard work, however it seems that some mail client consider
> these mail as invalid, whereas gmail and other verifier service consider ok...
>
> Any idea for debugging?
>
>
Le samedi 16 juillet 2022, 21:49:31 UTC Pierre-Elliott Bécue a écrit :
> Dear developers,
>
> In the past months, it's been clear that sending mails from an
> @debian.org address to some mail providers, including GMail, has become
> harder and harder. While user DKIM feature (documented on [0])
Vincent Bernat wrote on 25/07/2022:
> Would it be possible to also make it available on port 465 without
> STARTTLS?
I'd also prefer "full TLS" over STARTTLS, as it is simpler (encryption
from the beginning instead starting with a plaintext session) and
somehow more secure than STARTTLS, see [1],
Vincent Bernat wrote on 25/07/2022 at 14:58:04+0200:
> On 2022-07-16 23:49, Pierre-Elliott Bécue wrote:
>> In the past months, it's been clear that sending mails from an
>> @debian.org address to some mail providers, including GMail, has become
>> harder and harder. While user DKIM feature
On 2022-07-16 23:49, Pierre-Elliott Bécue wrote:
In the past months, it's been clear that sending mails from an
@debian.org address to some mail providers, including GMail, has become
harder and harder. While user DKIM feature (documented on [0]) can help,
we thought providing a relay server for
On 7/16/22 23:49, Pierre-Elliott Bécue wrote:
Dear developers,
In the past months, it's been clear that sending mails from an
@debian.org address to some mail providers, including GMail, has become
harder and harder. While user DKIM feature (documented on [0]) can help,
we thought providing a
On 17/7/22 10:37, Ansgar wrote:
On Sun, 2022-07-17 at 10:29 +0200, Dominik George wrote:
tl;dr: DKIM-signed mail is verifiable, but only the headers; the body
can be tampered with;
This is just wrong. There is no reason to sign mails to ensure
authenticity if one can just change the body...
On 2022-07-17 10:29, Dominik George wrote:
tl;dr: DKIM-signed mail is verifiable, but only the headers; the body can be
tampered with
That's not true. The body is always part of the signature (in a strict
or relaxed way).
> The Signer/Verifier MUST compute two hashes: one over the body of
On Sun, Jul 17, 2022 at 10:35:21AM +0200, Ansgar wrote:
> On Sun, 2022-07-17 at 10:02 +0200, Mattia Rizzolo wrote:
> > At this point, what about SPF? Ignoring potential whitelists on mail
> > receivers, I think using this service doesn't provide extra
> > advantages than signing on our own
On Sun, 2022-07-17 at 10:29 +0200, Dominik George wrote:
> tl;dr: DKIM-signed mail is verifiable, but only the headers; the body
> can be tampered with;
This is just wrong. There is no reason to sign mails to ensure
authenticity if one can just change the body...
Ansgar
On Sun, 2022-07-17 at 10:02 +0200, Mattia Rizzolo wrote:
> At this point, what about SPF? Ignoring potential whitelists on mail
> receivers, I think using this service doesn't provide extra
> advantages than signing on our own servers.
Why SPF? It doesn't provide any extra advantages over DKIM.
Hi,
thanks for finally providing this!
> Mails sent via this server will be DKIM-signed if the from is a
> debian.org, debconf.org or ftp-master.debian.org address. If any
> additional domain should be considered, feel free to ask.
I just wanted to make you aware of something interesting I
On Sat, Jul 16, 2022 at 11:49:31PM +0200, Pierre-Elliott Bécue wrote:
> This service is now operational behind mail-submit.debian.org (AKA
> stravinsky.debian.org). Documentation about how to use this service can
> be accessed via [1].
That's great!
> If you have any question or issue, please
17 matches
Mail list logo
